[grsec] grsecurity 2.1.3 released for 2.4.29/2.6.11 *CRITICAL UPDATE FOR RBAC USERS*
Brad Spengler
spender at grsecurity.net
Mon Mar 7 09:46:24 EST 2005

grsecurity 2.1.3 has been released to fix a number of problems found
during a routine audit of grsecurity. Changes in this release include
allowed gradm -u for non-root users in a no-authentication special role,
addition of a missing ptrace hook on amd64, fixed hidden file check that
takes subject inheritance into account, unification of the mmap hook so
it no longer requires a per-arch component, and the breakup of the "O"
subject flag into "O" and "t", where "O" now means to allow writable
library loads for the process, while "t" allows a process to ptrace any
task. The "t" mode should be used sparingly in combination with the
no-ptrace object flag. A bug in PaX that causes a SIGBUS in a task when
SEGMEXEC is enabled but MPROTECT is disabled has been fixed in this
release as well.

During the audit, a critical vulnerability was found in the RBAC system
that effectively gave every subject the "O" flag, allowing a root user
for instance to gain the privileges of any other process through
LD_PRELOAD or ptrace. If you have already upgraded to 2.1.2 and use the
RBAC system, I strongly urge you to upgrade to 2.1.3. To ensure that
problems like this won't occur in the future, I will be developing an
extensive regression test suite for the RBAC system similar to the one
that exists already for non-RBAC features.

Sorry about the timing of this release, but the vuln I discovered is
quite serious, and I'm hoping to catch the people who haven't updated
their machines to 2.1.2 yet due to it being released over the weekend.

-Brad